More Tor .Onion Sites May Get Digital Certificates Soon
Trailrunner7 writes: News broke last week that Facebook had built a hidden services version of its social network available to users browsing anonymously via the Tor Project's proxy service. Unlike any .onion domain before it, Facebook's would be verified by a legitimate digital signature, signed and issued by DigiCert. Late yesterday, Jeremy Rowley, DigiCert's vice president of business development and legal, explained his company's decision to support this endeavor in a blog entry. He also noted that DigiCert is considering opening up its certification business to other .Onion domains in the future. "Using a digital certificate from DigiCert, Tor users are able to identify the exact .onion address operated by Facebook," Rowley explained. "Tor users can evaluate the digital certificate contents to discover that the entity operating the onion address is the same entity as the one operating facebook.com."
I mean, at the point you are using Facebook on TOR, you haven't done a thing for your privacy and just slowed your internet connection down. Might as well let Verizon label all your traffic as well.
To top it off, I can't imagine why anyone would want to deal with sites that are using certificates on TOR. All they do is provide a nice, well-defined entity that can be leaned on to get your information.
Lavabit.
You would need to be a fucking moron to not believe there is not a warrant drafted for the FISC court already. Trust in any US web stakeholders for any user's privacy is a fallacy. Never mind when getting up to illegal shenanigans found on .onion like Silk Road.
The protocol itself cryptographically ensures that you're talking to the same service every time. That's why .onion addresses look funny: The cost of choosing parts of the name grows exponentially with the number of characters you want to choose. Taking over an .onion domain requires "choosing" the entire name, and that's impossible (infeasible to the point of impossibility).
Using a certificate hierarchy with TOR can only do one thing: Expose you.
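The name-to-key binding described in the comment above, as an added example that is not part of the discussion thread or of Tor's code: it uses the 16-character version 2 address format, where the label is the first 80 bits of the SHA-1 hash of the service's DER-encoded public key in base32. The function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib

ADDRESS_LEN = 16  # v2 onion label: 80 bits rendered as 16 base32 characters


def onion_v2_address(der_public_key: bytes) -> str:
    """Derive the v2 onion label: base32 of the first 10 bytes of SHA-1(key)."""
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def key_matches_address(address: str, der_public_key: bytes) -> bool:
    """Check that the key a service presents is the one its name commits to."""
    label = address.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != ADDRESS_LEN:
        return False
    return label == onion_v2_address(der_public_key)


def expected_keys_to_match(chosen_chars: int) -> int:
    """Average number of keys to generate before `chosen_chars` base32
    characters of the label come out as wanted (5 bits per character)."""
    if not 0 <= chosen_chars <= ADDRESS_LEN:
        raise ValueError("a v2 label has 16 characters")
    return 32 ** chosen_chars


# Constructed stand-ins for DER-encoded RSA public keys (not real keys).
SERVICE_KEY = b"constructed-sample-service-key"
OTHER_KEY = b"constructed-sample-other-key"

if __name__ == "__main__":
    name = onion_v2_address(SERVICE_KEY) + ".onion"
    print(name, "matches its own key:", key_matches_address(name, SERVICE_KEY))
    print("different key accepted:", key_matches_address(name, OTHER_KEY))
    for n in (4, 8, 16):
        print(n, "chosen characters ->", expected_keys_to_match(n), "keys on average")
```

Each additional chosen character multiplies the work by 32, which is why a full 16-character match (2^80 keys) is out of reach while a short readable prefix is not.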
... I used the Tor browser to get to one of my burner Facebook accounts and it locked me. Such joy. I was coming at the site from another country, so Facebook had a major cow.
I went mainstream and gave Facebook a tummy rub and all is well, but it was a fun ride.
I still wonder what the Sam Hill any Facebook member would be doing on Tor, but you can bet your sweet ass that Facebook wants you no matter what route you take.
It little behooves the best of us to comment on the rest of us.
There is also another advantage of things like this: Tor becomes more effective as more people are using it for general tasks. I can recall a while back someone being caught for sending fake bomb threats via Tor. How did they find the person? They were the only one using Tor on their entire network and only used it at the same times the emails were sent.
So there is an advantage to people simply using Tor for their normal everyday activities like this.
Tor becomes more effective as more people are using it for general tasks.
Tor becomes less effective when corporations are running the nodes. Nothing like funneling all your data through an untrusted proxy. Besides, didn't the NSA already show us that Tor does little to protect anonymity? Between cookies and other tracking methods, all those websites already know who you are, regardless of how the traffic got there.